[OpenAFS-devel] Document for authenticating against MIT K5/krb524d ?

Adam Thornton adam@fsf.net
Wed, 9 Jan 2002 13:16:30 -0600


On Wed, Jan 09, 2002 at 01:50:02PM -0500, Derrick J Brashear wrote:
> On Wed, 9 Jan 2002, Harald Barth wrote:
(I originally wrote:)
> > > I'm in the midst of setting up an AFS cell, and I want to use MIT
> > > Kerberos 5 with the krb524d as my KDC, rather than the AFS kaserver.
> > Any specific reason why you do not want a Heimdal KDC which does
> > both v4 and v5? I don't like kaserver either and have not used it
> > since 1992-ish.
> I'm with him; however, the only document I can provide specifies how to
> convert from a kaserver to Heimdal.

There's no particular reason, other than I already have MIT K5 in place.

Let me be a little clearer about what I want to do:

This is a brand new cell and realm: there is no existing data to be
migrated.  So do I just need an afs@REALM principal on the KDC, and
ka-forwarder in place on the OpenAFS machines?  There are no preexisting
keys or kvnos that I have; do I still need to create them with kaserver
and then migrate them, or can I just create them on the KDC?  Do I just
skip creating the kaserver with bos and instead create a ka-forwarder?

Adam